React2Shell exploits continue with large-scale Linux backdoor deployments and cloud credential theft

한국어

Ongoing exploitation of the React2Shell vulnerability (CVE-2025-55182)—previously detailed in coverage of China-nexus and cybercriminal campaigns—now includes widespread Linux backdoor installations, arbitrary command execution, and large-scale theft of cloud credentials.

Following earlier reports on PeerBlight and subsequent attacks by groups like UNC6600, UNC6586, UNC6588, UNC6603, and financially motivated actors deploying malware such as MINOCAT, SNOWLIGHT, HISONIC, COMPOOD, ANGRYREBEL.LINUX, and XMRig miners, cybersecurity researchers confirm active, large-scale exploitation of React2Shell (CVE-2025-55182).

Attackers continue leveraging this critical RCE flaw (CVSS 10.0, affecting React 19.0–19.2.0) to install backdoors on Linux systems, execute arbitrary commands, and target cloud credentials for theft.

While patches are available (React 19.0.1, 19.1.2, 19.2.1+), the persistent threats underscore the need for administrators to apply mitigations like Cloud Armor WAF, monitor IOCs from prior coverage, and secure React/Next.js applications amid software supply chain risks.

관련 기사

Illustration depicting the Linux CopyFail vulnerability enabling root access exploits alongside Ubuntu's DDoS-induced outage.
AI에 의해 생성된 이미지

Linux CopyFail exploit threatens root access amid Ubuntu outage

AI에 의해 보고됨 AI에 의해 생성된 이미지

A critical Linux vulnerability known as CopyFail, tracked as CVE-2026-31431, allows attackers to gain root access on systems running kernels since 2017. Publicly released exploit code has heightened risks for data centers and personal devices. Ubuntu's infrastructure has been offline for over a day due to a DDoS attack, hampering security communications.

Researchers discover SSHStalker botnet infecting Linux servers

Flare researchers have identified a new Linux botnet called SSHStalker that has compromised around 7,000 systems using outdated exploits and SSH scanning. The botnet employs IRC for command-and-control while maintaining dormant persistence without immediate malicious activities like DDoS or cryptomining. It targets legacy Linux kernels, highlighting risks in neglected infrastructure.

US government issues urgent CopyFail warning as Linux patches roll out

AI에 의해 보고됨

Four days after the CopyFail (CVE-2026-31431) exploit disclosure disrupted Ubuntu services, the US government warned of its critical risks to Linux systems, urging immediate patching amid public exploit code.

기술

Veeam patches three critical security flaws in backup servers

Linux

Researchers uncover new SysUpdate malware variant targeting Linux

기술

OpenClaw patches severe vulnerability granting admin access

New SysUpdate malware variant targets Linux systems

A new variant of the SysUpdate malware has been discovered targeting Linux systems, featuring advanced encryption for command-and-control communications. Security researchers at LevelBlue identified the threat during a digital forensics engagement and developed a tool to decrypt its traffic. The malware disguises itself as a legitimate system service to evade detection.

Red Hat directs users to security page for CopyFail vulnerability

AI에 의해 보고됨

Red Hat has provided an official link to information on the CopyFail vulnerability, known as CVE-2026-31431. The security page details a fix for the local privilege escalation issue and specifies affected versions. This follows a user inquiry urging faster publication of a patch.

2026년 05월 09일 20시 17분

New dirty frag exploit grants root access on linux systems

2026년 04월 22일 09시 46분

Microsoft patches critical ASP.NET Core vulnerability on macOS and Linux

2026년 02월 23일 08시 01분

Malicious npm packages harvest crypto keys and secrets

2026년 02월 18일 11시 16분

Dell zero-day flaw unpatched for nearly two years

2026년 02월 14일 06시 39분

SSHStalker botnet uses IRC to target Linux servers

이 웹사이트는 쿠키를 사용합니다

사이트를 개선하기 위해 분석을 위한 쿠키를 사용합니다. 자세한 내용은 개인정보 보호 정책을 읽으세요.
거부